Appl. No. 09/998,898 PATENT 
Amdt. dated August 12, 2008 
Amendment under 37 CFR 1.114 
Request for Continued Examination 



Amendments to the Claims: 

Please cancel claims 15, 16, 20, 22, 26, 28, 33, 35, and 38 without prejudice or 
disclaimer. This listing of claims will replace all prior versions, and listings of claims in the 
application: 

Listing of Claims: 

1. (Currently Amended) A method for modifying group membership, 
comprising the steps of: 

receiving from a first entity a request to add the first entity to a first group; 

accessing an indication of attribute of an identity profile of the first group, the 
attribute identifying a first policy from a plurality of policies, the plurality of policies defining 
policies for self-subscribing to and self-unsubscribing from said first group; and 

adding said first entity to said first group as a static member based on said first 
policy, wherein adding said first entity to said first group as a static member comprises updating 
an attribute of an identity profile for the first group to include the first entity; and 

adding said first entity to a second group as a nested member based on said first 
group being a member of said second group. 

2. (Canceled) 

3. (Previously Presented) A method according to claim 1, wherein: 

said indication is stored in an attribute of the identity profile for said first group. 

4. (Currently Amended) A method according to claim 1, wherein: 

said plurality of policies includes an open policy, an open with filter policy, a 
controlled through workflow policy, and a closed policy, wherein the open policy is less 
restrictive than the open with filter policy, the open with filter policy is less restrictive than the 
controlled through workflow policy, and the controlled through workflow policy is less 
restrictive than the closed policy. 

5. (Original) A method according to claim 4, wherein: 

said identity profile for said first group includes a filter attribute, said filter 
attribute stores a filter that is used with said open with filter policy to determine whether said 
first entity may be added to said first group. 

6. (Canceled) 

7. (Original) A method according to claim 4, wherein: 

said controlled through workflow policy requires that workflows be used to add 
entities to said first group and remove entities from said first group. 

8. (Previously Presented) A method according to claim 4, wherein: 

if said first policy is said controlled through workflow policy, then said first entity 
will not be added to said first group if said first entity is not a participant in a first step of a 
workflow associated with said controlled through workflow policy. 

9. (Original) A method according to claim 4, wherein: 

said closed policy prevents entities from subscribing to and unsubscribing from 
said first group. 

10. (Currently Amended) A method according to claim 4, further comprising 

the steps of: 

receiving a request from said first entity to unsubscribe from said first group; 
accessing said indication of said first policy attribute of said identity profile of 
said first group; and 

unsubscribing said first entity from said first group, based on said first policy. 

11. (Currently Amended) A method according to claim 1, wherein: 
said indication is stored in an attribute of the identity profile for said first group; 
said identity profile for said first group includes an attribute that stores an 
indication of whether to send a message upon adding said first entity to said first group; and 
said identity profile for said first group includes an attribute that stores said 

message. 

12. (Currently Amended) A method according to claim [[1]] 4, wherein: 
said first group is a member of a second group; 

an identity profile of said second group includes an attribute identifying from the 
plurality of policies a policy for changing static membership of said second group; 

adding said first entity to the second group is performed only if said first policy 
may is not be-less restrictive than [[a]] the policy for changing static membership of said second 
group; and 

said step of adding said first entity to said first second group as a nested member 
provides said first entity with membership privileges in said second group. 

13. (Original) A method according to claim 1, wherein: 

said steps of receiving, accessing and adding are performed by an integrated 
identity and access system. 

14. (Original) A method according to claim 13, wherein: 

said integrated identity and access system is capable of authorizing said first 
entity to access a resource based on membership in said first group. 



15. (Canceled) 

16. (Canceled) 

17. (Original) A method according to claim 1, wherein: 
said step of adding includes determining whether to add said first entity to said 
first group based on said first policy. 

18. (Currently Amended) A method for modifying group membership, 
comprising the steps of: 

receiving from a first static member a request to remove the first static member 
from a first group; 

accessing an indication of attribute of an identity profile of the first group, the 
attribute identifying a first policy from a plurality of policies, the plurality of policies defining 
policies for self-subscribing to and self-unsubscribing from said first group; and 

removing said first static member from said first group based on said first policy, 
wherein removing said first entity to said first group as a static member comprises updating an 
attribute of an identity profile for the first group to remove the first entity; and 

removing said first static member from a second group based on said first group 
being a member of said second group. 

19. (Canceled) 

20. (Canceled) 

21. (Currently Amended) A method according to claim 18, wherein: 
said plurality of policies includes an open policy, an open with filter policy, a 

controlled through workflow policy, and a closed policy, wherein the open policy is less 
restrictive than the open with filter policy, the open with filter policy is less restrictive than the 
controlled through workflow policy, and the controlled through workflow policy is less 
restrictive than the closed policy. 

22. (Canceled) 

23. (Currently Amended) A method according to claim 18- 21_, wherein: 
said first group is a member of a second group; 
an identity profile of said second group includes an attribute identifying from the 
plurality of policies a policy for changing static membership of said second group; 

removing said first entity to the second group is performed only if said first policy 
may is not be-less restrictive than [[a]] the policy for changing static membership of said second 
group; and 

said step of removing said first static member has an effect of removing said first 
static member from said second group. 

24. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

receiving from a first entity a request to add the first entity to a first group; 

accessing an indication of attribute of an identity profile of the first group, the 
attribute identifying a first policy from a plurality of policies, the plurality of policies defining 
policies for self-subscribing to and self-unsubscribing from said first group; and 

adding said first entity to said first group as a static member based on said first 
policy, wherein adding said first entity to said first group as a static member comprises updating 
an attribute of an identity profile for the first group to include the first entity; and 

adding said first entity to a second group as a nested member based on said first 
group being a member of said second group. 

25. (Canceled) 

26. (Canceled) 

27. (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said plurality of policies includes an open policy, an open with filter policy, a 
controlled through workflow policy, and a closed policy, wherein the open policy is less 
restrictive than the open with filter policy, the open with filter policy is less restrictive than the 
controlled through workflow policy, and the controlled through workflow policy is less 
restrictive than the closed policy. 

28. (Canceled) 

29. (Currently Amended) One or more processor readable storage devices 
according to claim 24 27, wherein: 

said first group is a member of a second group; 

an identity profile of said second group includes an attribute identifying from the 
plurality of policies a policy for changing static membership of said second group; 

adding said first entity to the second group is performed only if said first policy 
may is not be-less restrictive than [[a]] the policy for changing static membership of said second 
group; and 

said step of adding said first entity to said first second group as a nested member 
provides said first entity with membership privileges in said second group. 

30. (Original) One or more processor readable storage devices according to 
claim 24, wherein: 

said steps of receiving, accessing and adding are performed by an integrated 
identity and access system. 

31. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

receiving from a first static member a request to remove the first static member 
from a first group; 
accessing an indication of attribute of an identity profile of the first group, the 
attribute identifying a first policy from a plurality of policies, the plurality of policies defining 
policies for self-subscribing to and self-unsubscribing from said first group; and 

removing said first static member from said first group based on said first policy, 
wherein removing said first entity to said first group as a static member comprises updating an 
attribute of an identity profile for the first group to remove the first entity; and 

removing said first static member from a second group based on said first group 
being a member of said second group. 

32. (Canceled) 

33. (Canceled) 

34. (Currently Amended) One or more processor readable storage devices 
according to claim 31, wherein: 

said plurality of policies includes an open policy, an open with filter policy, a 
controlled through workflow policy, and a closed policy, wherein the open policy is less 
restrictive than the open with filter policy, the open with filter policy is less restrictive than the 
controlled through workflow policy, and the controlled through workflow policy is less 
restrictive than the closed policy. 

35. (Canceled) 

36. (Currently Amended) One or more processor readable storage devices 
according to claim 34- 34, wherein: 

said first group is a member of a second group; 

an identity profile of said second group includes an attribute identifying from the 
plurality of policies a policy for changing static membership of said second group; 
removing said first entity to the second group is performed only if said first policy 
may is not be-less restrictive than [[a]] the policy for changing static membership of said second 
group; and 

said step of removing said first static member has an effect of removing said first 
static member from said second group. 

37. (Currently Amended) An apparatus that can modify group membership, 

comprising: 

a communication interface; and 

one or more processors in communication with said communication interface, 
said one or more processors perform a method comprising the steps of: 

receiving from a first entity a request to add the first entity to a first group, 

accessing an indication of attribute of an identity profile of the first group, 
the attribute identifying a first policy from a plurality of policies, the plurality of policies 
defining policies for self-subscribing to and self-unsubscribing from said first group, 

adding said first entity to said first group as a static member based on said 
first policy, wherein adding said first entity to said first group as a static member comprises 
updating an attribute of an identity profile for the first group to include the first entity, 

adding said first entity to a second group as a nested member based on 
said first group being a member of said second group, 

receiving from the first static member a request to remove the first static 
member from the first group, and 

removing said first static member from said first group based on said first 
policy, wherein removing said first entity to said first group as a static member comprises 
updating the attribute of the identity profile for the first group to remove the first entity, and 

removing said first static member from the second group based on said 
first group being a member of said second group. 

38. (Canceled) 
39. 

said first group is a member of a second group; 

an identity profile of said second group includes an attribute identifying from the 
plurality of policies a policy for changing static membership of said second group; 

adding said first entity to the second group is performed only if said first policy 
may is not be-less restrictive than [[a]] the policy for changing static membership of said second 
group; and 

said step of adding said first entity to said first second group as a nested member 
provides said first entity with membership privileges in said second group. 

40. - 42. (Canceled) 

Please add the following new claims: 

43. (New) The method of claim 1, further comprising expanding membership 
of said first group based on dynamic membership in said first group. 

44. (New) The method of claim 43, wherein expanding membership of said 
first group comprises: 

determining dynamic members in said first group based on a rule specifying 
dynamic membership; and 

updating the attribute of the identity profile for the first group to include the 
dynamic members. 

45. (New) The method of claim 44, wherein the rule specifying dynamic 
membership is stored in an attribute of the identity profile of the first group. 

46. (New) The method of claim 45, wherein the rule specifying dynamic 
membership comprises a Lightweight Directory Access Protocol (LDAP) rule. 
47. (New) The method of claim 43, wherein expanding membership of said 
first group based on nested membership in said first group. 

48. (New) The method of claim 43, wherein expanding membership of said 
first group is further based on an expansion attribute of the identity profile of the first group and 
wherein expanding membership of said first group is performed only if the expansion attribute is 
true. 

49. (New) The one or more processor readable storage devices of claim 24, 
further comprising expanding membership of said first group based on dynamic membership in 
said first group. 

50. (New) The one or more processor readable storage devices of claim 49, 
wherein expanding membership of said first group comprises: 

determining dynamic members in said first group based on a rule specifying 
dynamic membership; and 

updating the attribute of the identity profile for the first group to include the 
dynamic members. 

51. (New) The one or more processor readable storage devices of claim 50, 
wherein the rule specifying dynamic membership is stored in an attribute of the identity profile 
of the first group. 

52. (New) The one or more processor readable storage devices of claim 51, 
wherein the rule specifying dynamic membership comprises a Lightweight Directory Access 
Protocol (LDAP) rule. 
53. (New) The one or more processor readable storage devices of claim 49, 
wherein expanding membership of said first group based on nested membership in said first 
group. 

54. (New) The one or more processor readable storage devices of claim 49, 
wherein expanding membership of said first group is further based on an expansion attribute of 
the identity profile of the first group and wherein expanding membership of said first group is 
performed only if the expansion attribute is true. 
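
The policy-driven membership change recited in claims 1, 4, 5, 8, 9, 12 and 23, modelled as an added Python example; it is not part of the filing and not the applicant's implementation. The `Group` fields and function names are assumptions, as is treating participation in the first workflow step as sufficient for the change.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Optional

class Policy(IntEnum):          # ordered least to most restrictive (claim 4)
    OPEN = 0
    OPEN_WITH_FILTER = 1
    WORKFLOW = 2
    CLOSED = 3

@dataclass
class Group:                    # assumed stand-in for a group's identity profile
    name: str
    policy: Policy
    static_members: set = field(default_factory=set)
    nested_members: set = field(default_factory=set)
    member_of: list = field(default_factory=list)          # parent groups
    filter_rule: Optional[Callable[[dict], bool]] = None   # claim 5
    workflow_first_step: set = field(default_factory=set)  # claim 8

def may_self_change(group, entity):
    """Decide a self-subscribe/unsubscribe request from the group's policy attribute."""
    if group.policy is Policy.OPEN:
        return True
    if group.policy is Policy.OPEN_WITH_FILTER:
        return group.filter_rule is not None and group.filter_rule(entity)
    if group.policy is Policy.WORKFLOW:
        # Assumption: the workflow itself is not modelled here.
        return entity["id"] in group.workflow_first_step
    return False                # CLOSED (claim 9)

def _parents_to_update(group):
    # Claims 12 and 23: propagate only if the first policy is not less restrictive.
    return [p for p in group.member_of if group.policy >= p.policy]

def subscribe(group, entity):
    if not may_self_change(group, entity):
        return False
    group.static_members.add(entity["id"])
    for parent in _parents_to_update(group):
        parent.nested_members.add(entity["id"])
    return True

def unsubscribe(group, entity):
    if entity["id"] not in group.static_members or not may_self_change(group, entity):
        return False
    group.static_members.discard(entity["id"])
    for parent in _parents_to_update(group):
        parent.nested_members.discard(entity["id"])
    return True
```

The comparison in `_parents_to_update` is what keeps an open child group from granting nested membership in a more restrictive parent.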